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DETAILED ACTION 



Minor Informalities 



As per claim 53, depends from a canceled claimed, 48. Correction is required. 



Claim Rejections - 35 USC § 102 



2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-2, 4-6, 18, 35, 38-40, 49-50, 54, 56-57, 61-62, 65-66, 71, 73, and 86 are rejected 
under 35 U.S.C. 102(e) as being anticipated by RalHs et al.(6,425,084). 

4. As per claims 1, 18, 35, 49, 54, 61, 71, 86, Rallis et al. discloses compact personal 
token(20)(see fig. IB, sheet 1), a USB-compliant interface releaseably(14) coupleable to a host 
processing device(10)(see fig. lA, sheet 1); a memory; a processor, communicatively coupled to 
the memory and communicatively, coupleable to the host processing device via the 
USB-comphant interface(see fig. lA, IB, sheet 1, col. 3, lines 4-17), the processor for providing 
the host processing device conditional access to data storable in the memory(see col. 2, lines 58- 
66); and a user input device, communicatively coupled to the processor by a path distinct firom 
the USB-compliant interface, for accepting an input signaling authorization of a processor 
operation(see col. 2, lines 63-67, fig. 1 A, sheet 1). The Examiner asserts that access to private 
data is secured, because only the authorized user with the Pin can access the host computer 
system. Rallis does not disclose "for processing by the processor to signal authorization of a 
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processor operation providing access to the user private data", "in response to a message 
received in the token from the host processing device via the USB-compUant interface invoking 
the processor operation". The Examiner asserts that Rallis does disclose this, because Rallis 
discloses power and command messages from the notebook computer that contains a processor, 
and response messages from the key device(see col. 2, lines 1, lines 46-58). The Examiner 
asserts that the user private data of the notebook computer is not allov^ed to be accessed, until the 
user is validated, because Ralhs discloses the key device is used in conjunction with the 
notebook computer to prevent unauthorized user's from gaining access to the notebook 
computer(see col. 2, lines 58-66). 

5. As per claims 2, 38, Rallis discloses wherein the path is entirely internal to the token(see 
col. 1, lines 62-67). 

6. As per claim 4, Rallis discloses wherein the private data is designated as requiring 
authorization before access by an associated identification stored in the memory(see col. 1, lines 
61-67, col. 2, lines 62-66). 

7. As per claims 5, 39, 65, 73, Rallis discloses wherein the input device includes at least one 
pressure-sensitive device actuatable from an exterior surface of the token(see col. 5, lines 46-50), 

8. As per claims 6, 40, 66, Rallis et aL discloses wherein the input device comprises at least 
one push-button switch(see col. 5, lines 46-50). 

9. As per claims 50, 57, Rallis et al. inherently discloses wherein the user input device 
includes a character input device, because Rallis discloses a user has to enter a pin(see col. 1, 
lines 62-67). 
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10. As per claim 62, Rallis et al. discloses wherein the user input device is configured to 
control an operation of the processor(see col. 2, lines 59-67) . 

11. As per claim 56, Rallis discloses, wherein the user output device is coupled to the 
processor by a path distinct from the USB-compliant interface(see coL 6, lines 7-22). 

12. As per claim 86, Rallis discloses authorizing access to private data stored in a token 
having a processor communicatively coupleable to a host processor via a Universal Serial Bus 
(USB) interface, comprising the steps of: accepting a command in the token invoking a processor 
operation; and signaling the processor operation via a user output device(see col. 1, lines 62-67, 
col. 2, lines 62-66, see fig. 1 A, sheet 1). 

Claim Rejections -35 use §103 

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 7-10, 12-15, 19-26, 28-31, 34, 36-37, 41, 43-46, 63-64, 67-69, 72, 74-77, 80-83, 
85, 87, and 89 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rallis et al in view 
of Kobielus. 

14. Claims 7, 74, 81, 82, Rallis does not disclose an output device, coupled to the processor 
by a second path distinct fi:*om the USB-compliant interface, for prompting a user to provide an 
authorization of a processor operation. Kobielus teaches the output device that is the LCD. The 
Examiner asserts that it is a path distinct from the USB-compliant interface, because Rallis 
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discloses the USB-compliant interface that has a USB port is located on the computer(see fig. 
1 A, sheet 1). The LCD of Kobielus it taught as being on the token. 

15. It would have been obvious to one of ordinary skill in the art to combine Rallis v^ith 
Kobielus, because both are analogous for providing a token to a user in order to gain access to 
computer. The motivation to include an output device such as a LCD is, the LCD display's the 
access code in Kobielus. Kobielus discloses that SecurED does. a challenge and response process 
that generates an access code, and the user entered the pin plus the access code that is displayed 
on the token's LCD. 

16. The same motivation applies above, same motivation applies above, the Examiner asserts 
that in regards to claims 8, 21, 36, and 75, the path and the second path are a common path, 
because the paths work together in order to communicate(see Rallis and Kobielus). 

17. Claims 9, 19, 77, and 80, 10, 12, 28, 41, 43, 67, 68-69, 76, 89, RalUs is silent for output 
device. However, Kobielus teaches an output device, such as a LCD. It would have been 
obvious to one of ordinary skill in the art to combine Rallis with Kobielus, because both are 
analogous for providing a token to a user in order to gain access to computer. The motivation to 
include an output device such as a LCD is, the LCD display's the access code in Kobielus. 
Kobielus discloses that SecurlD does a challenge and response process, that generates an access 
code, and the user entered the pin plus the access code that is displayed on the token's LCD. 

18. As per claim 20, Rallis discloses wherein the output device is communicatively coupled to 
the processor by a second communication path distinct from the USB-compliant interface(see 
fig. lA, sheet 1). 
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19. As per claim 23, Rallis discloses wherein the path is entirely internal to the token(see col. 
1, lines 62-67). 

20. As per claim 24, Rallis discloses wherein the input device includes at least one 
pressure-sensitive device actuatable from an exterior surface of the token(see col. 5, lines 46-50). 

21. As per claim 25, Rallis et al. discloses wherein the input device comprises at least one 
push-button switch(see col. 5, lines 46-50). 

22. Claims 1 1, 27, 42, and 70, 84, are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rallis et al in view of Kobielus and further in view of Smith et al. 

23. As per claims 1 1, 27, 42, 70, 84 Rallis nor Kobielus does not disclose an aural device. 
However, Smith et al. discloses an aural device(see col. 2, lines 32-36). It would have been 
obvious to modify Rallis and Kobielus with Smith, because Smith et al. discloses a buzzer that is 
designed to warn the user of imminent interruption of power(see col. 2, lines 32-36). Thus, an 
aural device is a warning signal to warn the user of activity. 

24. Claims 13, 22, 26, 29, and 34, 44, 14, 30, 37, 45, 15, 31, 46, RaUis does not disclose a 
private key. However, Kobielus teaches a private key. Both Rallis and Kobeilus are analogous 
in the art of token's. It would have been obvious to one of ordinary skill in the art to modify 
Rallis with Kobeilus, because Kobelius teaches the token uses a secret algorithm and key to 
produce a onetime, nonrepeatable session password that is displayed on the LCD(output). The 
Examiner asserts that by using a secret algorithm that is changed every minute is more secure. 

25. Claims 63, 72, 83, 87, Rallis does not disclose an encryption and decryption. However, 
Kobielus discloses encryption and decryption. It would have been obvious to one of ordinary 
skill in the art at the time of the invention to modify Rallis with Kobielus, because Kobielus 
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teaches that a token can contain a digital signature that is hashed and encrypted with the 
originator's private key production the digital signature string that is then attached to and 
transmitted with the original object, along with a public key that can be used to validate it. The 
recipient can verify the digital signature by decrypting it with the originitator's public key. 

26. Claim 64, Rallis does not disclose a digital signature. However, Kobielus teaches a 
digital signature. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Rallis with Kobielus, because Kobielus teaches that a digital signature 
authenticates the originator of an object and attests to the fact that the object has not been altered. 

27. As per claim 85, Rallis discloses further comprising an input device, conmiunicatively 
coupled to the processor by path distinct from the USB-compliant interface, for providing 
information for the operation of the processor(see fig. 1 A, sheet 1). 

As per claims 51-53, and 58-60 are objected as being rejected on base claims. The reason 
why these claims are objected to is because, in prior art there is no token or key that contains a 
wheel that a user can select to input characters, there is also no prior art that discloses two 
pressure sensitive devices in order to input characters. 

Response To Amendment 

28. In regards to Claim 1, the Applicant states that Rallis does not disclose "for processing by 
the processor to signal authorization of a processor operation providing access to the user private 
data", "in response to a message received in the token from the host processing device via the 
USB-compliant interface invoking the processor operation". The Examiner asserts that Rallis 
does disclose this; because Rallis discloses power and conmiand messages from the notebook 
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computer that contains a processor, and response messages from the key device(see col. 2, lines 
1, lines 46-58). The Examiner asserts that the user private data of the notebook computer is not 
allowed to be accessed, until the user is validated, because Rallis discloses the key device is used 
in conjunction v^ith the notebook computer to prevent unauthorized user's from gaining access to 
the notebook computer(see col. 2, lines 58-66). 

29. In regards to Claim 18-19, the Applicant states that Rallis does not disclose "processing 
the user input in the processor to authorize the processor operation". Rallis does disclose 
processing the user input in the processor to authorize the processor operation, because Rallis 
discloses that the user input is inputted, which is the, and validated by the notebook computer to 
authorize the processor operation(see col. 1, lines 47-67, and col. 2, lines 58-66). 

30. In regards to Claim 35, the Applicant states that RalHs does not disclose accepting a 
command in the token invoking a processor operation via a USB interface, and accepting a user 
input signaling authorization of that operation and providing the user input to a processor via a 
path distinct from the USB-compliant interface, and processing the user input in processor to 
authorize the invoked token processor operation. The Examiner disagrees with the Applicant. 
Rallis discloses that the key device(20)(i.e. token) receives power and command messages from 
the notebook computer(i.e. host computer)(see col. 2, lines 58-60), fiirther, Rallis discloses that 
the key can be connected to the USB port(see col. 2, lines 50-53, fig. 1 A, sheet 1). Furthermore, 
Rallis discloses that the key device(20) returns response messages, that include a serial number, 
and encryption key, and a pin(see col. 2, lines 61-64). Rallis discloses that the user is prompted 
to enter a pin, Rallis does not disclose that the pin is entered via a keyboard(see col. 1, lines 61- 
63). 
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31. In regards to Claim 49, Rallis does disclose that the key device returns response messages 
that includes a pin(col. 2, lines 62-64). Therefore, the Examiner asserts that the pin is not entered 
via a keyboard it is entered in the token, thus it is a path distinct from the USB-compUant 
interface, because the USB-compliant interface is within the notebook computer(see fig. 1 A, 
sheet 1). Thus, if the information contained in the token is not validated the notebook computer 
cannot be used(see col. 2, lines 62-66). However, claims 49, and 54, is allowable for the feature 
of the processor providing the host processing device conditional access to store and retrieve data 
storable in the memory. The Examiner asserts that in prior art, the token provides information 
such as pin or password to the host processing device to access the host, not to store and retrieve 
data in the token. Also, claims 50-53, 56-60 are allowable for the features of the wheel and 
selecting a character by depressing a wheel that is located on the token. Prior art fails to disclose 
these features, prior art teaches that characters can be inputted by a keypad on the token or via a 
keyboard not by using a wheel. The Applicant is advise to incorporated the limitations in 49 
with claims 50-53, 54 with claims 56-60. 

32. In regards to claims 61 and 71, this argument has already been addressed(see claim 1). 

33. In regards to claims 9, 19, 77, 80, an output device is not expressly disclosed in Rallis. 
Therefore, this limitation of these claims are taught by another reference(see above). The 
Applicant states that Rallis does not disclose a token having a processor for providing the host 
processing device conditional access to store and retrieve data storable in the memory, the data 
including personal identification private to the user. Rallis does disclose this, because Rallis 
discloses that the serial number, encryption key, and the pin are stored in the token, and are 
validated by the computer. 
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34. In regards to claim 4, the Applicant states Rallis does not disclose user private data is 
designated as requiring authorization before access by an associated identification stored in 
memory. The Examiner disagrees with the Applicant, Rallis does disclose user private data is 
designated as requiring authorization before access by an associated identification stored in 
memory, because Rallis discloses that in order to use notebook computer, the token must be 
inserted and the serial number, encryption key, and pin are required, and are validated with the 
notebook computer which stored the serial number, encryption key, and pin in memory(see col. 
1, lines 55-67). The Applicant states that Rallis does not disclose determining if personal 
identification is required, if personal identification is stored in the token, and if it is not, 
prompting the user to enter the personal identification. 

35. In regards to claims 5, 24, 39, 65, 73, the Applicant states that Rallis does not disclose two 
pressure sensitive devices actuatable from the exterior side of the token. The Examiner disagrees 
with the Applicant, Rallis does disclose two pressure sensitive devices actuatable from the 
exterior side of the token, Rallis discloses a finger print reader and a transmit switch(see col. 5). 

36. In regards to claims 6, 25, 40, and 66, Rallis does disclose a push-button switch which is a 
transmit switch(see col. 5). 

37. In regards to claims 7, 56, 74, and 88, Rallis does not expressly disclose an output device. 
The Examiner relied on another piece of art to meet this limitation. 

38. In regards to claims 56, 74, Rallis does not expressly disclose wherein the step of 
prompting the user to enter the personal identification number including the step of activating a 
user output device via a second communication path distinct from the USB-compliant interface. 



Application/Control Number: 09/449,159 Page 1 1 

Art Unit: 2131 

is not expressly disclosed in Rallis the Examiner provides another reference to meet this 
limitation. 

39. In regards to claims 8, 21, 36, and 75, the limitation of the output device has already been 
addressed(see above). 

40. In regards to claims 13, 29, and 44, 14, 30, 45, 15, 31, 46, RaUis does not disclose the 
output device provides an alphanumeric message, private key, private data. 

41 . In regards to claim 20, already been addressed(see above). 

42. In regards to claims 22 and 37, Rallis does not disclose a private key. 

43. In regards to claims 50, 57, user input device has already been addressed(see above). 

44. In regards to claim 62, rejected under the same basis as claim 1, see arguments regarding 
claim 1 above. 

46. In regards to claim 63, encrypting and decrypting, RaUis does not disclose encrypting and 
decrypting. 

47. In regards to claim 64, Rallis does not disclose a digital signature. 

48. In regards to claims 76, 84, and 89, Rallis does not discloses an LED, LCD or an aural 
reproduction device. 

49. In regards to claims 56 and 81, 67, 85, these limitations have already been response to see 
above. 

50. In regards to claims 82, 86, output device has already been response to. 

51. In regards to claims 10-12, 26-28, 41-43, and 68-70, RaUis does not disclose an LED, or 
LCD. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jenise E Jackson whose telephone number is (703) 306-0426. 
The examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) alternate Friday's. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703) 305-0040 for regular 
communications and (703) 308-6306 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 
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